Bug#398460: CVE-2006-5397: libX11 XCOMPOSEFILE File Descriptor Leak
Package: libx11-6
Version: 2:1.0.3-2
Severity: important
Tags: security
A vulnerability has been found in libx11:
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment variable
via the duplicate file descriptor.
See
https://bugs.freedesktop.org/show_bug.cgi?id=8699
Please mention the CVE id in the changelog.
Reply to: